In the next columns, calculate the SLE, ARO, and ALE. After you have completed the asset/risk table, create a new table of controls and their associated costs for each risk you have identified. Create at least two controls for each risk (choices are always good). You only need two columns: Control Description and Annual Cost. From your two tables, compare the control cost with the ALE of each risk and make a recommendation for the “best” control for each risk.
List each asset (database, server, and data center) and at least three risks to each asset. Use a six-column table with the assets and risks in the leftmost column. In the next column, assign a value to each asset. In the third column, decide on an EF value for each asset and risk pair. For example, if a fire destroys your building, how much of the building is lost? The answer depends on the severity of the fire. You may end up (in a real risk assessment) specifying several different types of fire. Do not do that here. Each risk in this exercise should be unique.
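
A worked sketch of the calculation, added here and not part of the original exercise. It uses the standard definitions SLE = asset value × EF and ALE = SLE × ARO, and goes one step beyond the two-column control table by assuming the analyst also estimates the EF or ARO that remains once a control is in place, so a control's net benefit is ALE before minus ALE after minus annual cost. All assets, risks, dollar values and controls below are constructed samples.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Risk:
    asset: str
    risk: str
    value: float  # asset value (AV) in dollars
    ef: float     # exposure factor: fraction of AV lost per event, 0..1
    aro: float    # annualized rate of occurrence: expected events per year

    def __post_init__(self):
        if not 0.0 <= self.ef <= 1.0 or self.aro < 0 or self.value < 0:
            raise ValueError(f"bad inputs for {self.asset}/{self.risk}")

    @property
    def sle(self) -> float:  # single loss expectancy = AV x EF
        return self.value * self.ef

    @property
    def ale(self) -> float:  # annualized loss expectancy = SLE x ARO
        return self.sle * self.aro

@dataclass
class Control:
    description: str
    annual_cost: float
    # Assumption (not in the exercise's control table): the analyst's estimate
    # of EF/ARO once the control is in place. None means "unchanged".
    ef_after: Optional[float] = None
    aro_after: Optional[float] = None

def net_benefit(risk: Risk, c: Control) -> float:
    ef = risk.ef if c.ef_after is None else c.ef_after
    aro = risk.aro if c.aro_after is None else c.aro_after
    return risk.ale - risk.value * ef * aro - c.annual_cost

def recommend(risk: Risk, controls: list) -> Optional[Control]:
    """Best control by net benefit; None means accept the risk as-is."""
    best = max(controls, key=lambda c: net_benefit(risk, c), default=None)
    return best if best and net_benefit(risk, best) > 0 else None

# Constructed sample rows (one risk per asset shown; the exercise asks for three)
SERVER = Risk("Server", "Disk failure", 40_000, 0.25, 0.5)
SERVER_CONTROLS = [Control("Mirrored disks", 1_200, aro_after=0.125),
                   Control("Hot standby server", 6_000, ef_after=0.0)]
DB = Risk("Database", "Accidental deletion", 10_000, 0.5, 0.125)
DB_CONTROLS = [Control("Continuous replication", 2_000, ef_after=0.0)]

if __name__ == "__main__":
    for r, cs in [(SERVER, SERVER_CONTROLS), (DB, DB_CONTROLS)]:
        pick = recommend(r, cs)
        print(r.asset, r.risk, r.sle, r.ale, pick.description if pick else "accept risk")
```

The database row shows the case where every control costs more per year than the loss it prevents, so the recommendation is to accept the risk.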